As promised, here are some .htaccess examples to help secure your web site. First off is preventing .php or other scripts from being run from within an ‘upload’ folder in the web space. You would expect images and in some cases, zip files or even Office type files. In order to block the script being run, add the .htaccess file into the directory in question, this file prevents .php files from being accessed:
<Files *.php> deny from all </Files>
This one prevents .php, .pl, .cgi and .rb (for the Ruby enthusiasts)..
<FilesMatch "\.(php|pl|cgi|rb)$"> deny from all </FilesMatch>
Next up is to prevent access to the directory from any IP address but the ones you trust:
<Limit GET POST PUT> order deny,allow deny from all allow from 126.96.36.199 # Use a single host allow from 192.168.0.0/16 # Use a CIDR slash notation allow from 172.16.0.0/255.255.0.0 # Use a netmask allow from 10.*.*.* # Use wildcards </Limit>
Ive used various notations here for allowing the ip addresses.
The .htaccess files can do loads of great stuff, far too much to document here, but why not look on the Apache website here: http://httpd.apache.org/docs/2.2/howto/htaccess.html